1. 08 Sep, 2014 4 commits
  2. 05 Sep, 2014 2 commits
  3. 04 Sep, 2014 10 commits
  4. 03 Sep, 2014 5 commits
  5. 02 Sep, 2014 7 commits
  6. 29 Aug, 2014 1 commit
    • Mike Hibler's avatar
      Add explict dependency on p5-Convert-ASN1 port. · c844e2ef
      Mike Hibler authored
      This used to be not required as p5-Crypt-X509 had a dependency for it,
      and emulab-protogeni depended on p5-Crypt-X509. But, for a brief shining
      moment, the FreeBSD port was broken and guess when I happened to take a
      shapshot of the ports?
      c844e2ef
  7. 28 Aug, 2014 4 commits
  8. 27 Aug, 2014 7 commits
    • Leigh B Stoller's avatar
      Minor bug fix. · d3d86a10
      Leigh B Stoller authored
      d3d86a10
    • Leigh B Stoller's avatar
      More geni login tweaks. · 4cf3fffe
      Leigh B Stoller authored
      4cf3fffe
    • Leigh B Stoller's avatar
      Tweaks to Geni login code. Hide the button from login page and · d56f4f8b
      Leigh B Stoller authored
      login modal, must use the original direct geni-login.php page
      until we go live.
      d56f4f8b
    • Leigh B Stoller's avatar
      Large set of changes for using the Geni trusted signer tool, to · 980f6cbd
      Leigh B Stoller authored
      authenticate Geni users to CloudLab (who do not have Emulab accounts).
      CloudLab users must have an account to do anything (unlike APT which allows
      guest users). But instead of requiring them to go through the Emulab
      account creation (high bar), let then use their Geni credentials to prove
      who they are. We then build a local account for that new user, and save off
      the speaksfor credential so that we can act on their behalf when talking to
      the backend clusters (and their MA to get their ssh keys).
      
      These users do not have a local account password, so they cannot log into
      the web interface using the Emulab login page, nor do they have a shell on
      ops.
      
      Once authenticated, we put the appropriate cookies into the browser via
      javascript, so they can use the Cloud (okay, APT) web interface (they
      appear logged in).
      
      I make use of the nonlocal_id field of the users table, which was not being
      used for anything else. Officially, these are "nonlocal" users in the code
      (IsNonLocal()).
      
      When a nonlocal user instantiates a profile, we use their speaksfor
      credential to ask their home MA for their ssh keys, which we then store in
      the DB, and then provide to the aggregate via the CreateSliver call.
      Note that no provision has been made for users who edit their profile and
      add keys; I am not currently expecting these users to stumble into the web
      interface (yet).
      980f6cbd
    • Leigh B Stoller's avatar
      b8fb1917
    • Leigh B Stoller's avatar
      Add expires() to abac credential object. · 7a2d123c
      Leigh B Stoller authored
      7a2d123c
    • Leigh B Stoller's avatar
      More tweaks to email from address. · a57e6737
      Leigh B Stoller authored
      a57e6737